Building Trustworthy Semantic Webs Dr Bhavani Thuraisingham The University of Texas at Dallas Multilevel Secure Data Management and its implications to Multilevel semantic web technologies October 27 2008 Outline What is an MLS DBMS Summary of Developments Challenges Data Models Implications for semantic web Overview of MLS DBMS What is an MLS DBMS Users are cleared at different security levels Data in the database is assigned different sensitivity levels multilevel database Users share the multilevel database MLS DBMS is the software that ensures that users only obtain information at or below their level In general a user reads at or below his level and writes at his level Need for an MLS DBMS Operating systems control access to files coarser grain of granularity Database stores relationships between data Content Context and Dynamic access control Traditional operating systems access control to files is not sufficient Need multilevel access control for DBMSs Summary of Developments Early Efforts 1975 1982 example Hinke Shafer approach Air Force Summer Study 1982 Research Prototypes Integrity Lock SeaView LDV etc 1984 Present Trusted Database Interpretation published 1991 Commercial Products 1988 Present Taxonomy for MLS DBMSs Integrity Lock Architecture Trusted Filter Untrusted Back end Untrusted Front end Checksum is computed by the filter based on data content and security level Checksum recomputed when data is retrieved Operating Systems Providing Access Control Single Kernel Multilevel data is partitioned into single level files Operating system controls access to the filed Extended Kernel Kernel extensions for functions such as inference and aggregation and constraint processing Trusted Subject DBMS provides access control to its own data such as relations tuples and attributes Distributed Data is partitioned according to security levels In the partitioned approach data is not replicated and there is one DBMS per level In the replicated approach lower level data is replicated at the higher level databases Integrity Lock Trusted Agent to compute checksums Sensor Untrusted Compute Checksum Based on stream data value and Security level Store data value Security level and Checksum Data Manager Database Compute Checksum Based on data value and Security level retrieved from the stored database Operating System Providing Mandatory Access Control Unclassified device Secret device TopSecret device Multilevel Data Manager Unclassified Data Secret Data TopSecret Data Extended Kernel Kernel Extensions To enforce additional security policies enforced on data e g security constraints privacy constraints etc Multilevel Data Manager Multilevel Data Trusted Subject Unclassified device Secret device Multilevel Data Manager Trusted Component Multilevel Data TopSecret device Distributed Approach I Trusted Agent to manage Aggregated Data Unclassified Secret Data Manager Data Manager Unclassified Data Secret Data TopSecret Data Manager TopSecret Data Distributed Approach II Trusted Agent to manage Aggregated Data Unclassified Secret Data Manager Data Manager Unclassified Data Secret Unclassified Data TopSecret Data Manager TopSecret Secret Unclassified Data Some Challenges Inference Problem Inference is the process of forming conclusions from premises If the conclusions are unauthorized it becomes a problem Inference problem in a multilevel environment Aggregation problem is a special case of the inference problem collections of data elements is Secret but the individual elements are Unclassified Association problem attributes A and B taken together is Secret individually they are Unclassified Some Challenges Polyinstantiation Mechanism to avoid certain signaling channels Also supports cover stories Example John and James have different salaries at different levels SS 1 2 3 1 4 3 EMP Name John Paul James John Mary James Salary 20 30 40 70 80 60 Level U U U S S S Some Challenges Covert Channel Database transactions manipulate data locks and covertly pass information Two transactions T1 and T2 T1 operates at Secret level and T2 operates at Unclassified level Relation R is classified at Unclassified level T1 obtains read lock on R and T2 obtains write lock on R T1 and T2 can manipulate when they request locks and signal one bit information for each attempt and over time T1 could covertly send sensitive information to T1 Multilevel Secure Data Model Classifying Databases DATABASE D Level Secret EMP SS Ename DEPT Salary D D Dname Mgr 1 John 20K 10 10 Math Smith 2 Paul 30K 20 20 Physics Jones 3 Mary 40K 20 Multilevel Secure Data Model Classifying Relations EMP Level Secret SS Ename DEPT Level Unclassified Salary D D Dname Mgr 1 John 20K 10 10 Math Smith 2 Paul 30K 20 20 Physics Jones 3 Mary 40K 20 Multilevel Secure Data Model Classifying Attributes Columns EMP SS S Ename U DEPT Salary S D U D U Dname U Mgr S 1 John 20K 10 10 Math Smith 2 Paul 30K 20 20 Physics Jones 3 Mary 40K 20 U Unclassified S Secret Multilevel Secure Data Model Classifying Tuples Rows EMP SS Ename DEPT Salary D Level D Dname Mgr Level 1 John 20K 10 U 10 Math Smith U 2 Paul 30K 20 S 20 Physics Jones C 3 Mary 40K 20 TS U Unclassified C Confidential S Secret TS TopSecret Multilevel Secure Data Model Classifying Elements EMP SS DEPT Ename Salary D 1 S John U 20K C 10 U 2 S Paul U 30K S 3 S Mary U 40K S D U Dname U Mgr S 10 U Math U Smith C 20 U 20 U Physics U Jones S 20 U U Unclassified C Confidential S Secret Multilevel Secure Data Model Classifying Views SECRET VIEW EMP D 20 SS EMP SS Ename Salary D 1 John 20K 10 2 Paul 30K 20 3 Mary 40K 20 4 Jane 20K 20 5 Bill 20K 10 6 Larry 20K 10 1 Michelle 30K 20 Ename Salary 2 Paul 30K 3 Mary 40K 4 Jane 20K 1 Michelle 30K UNCLASSIFIED VIEW EMP D 10 SS Ename 1 John Salary 20K 5 Bill 20K 6 Larry 20K Multilevel Secure Data Model Classifying Metadata Relation REL Relation EMP EMP EMP EMP DEPT DEPT DEPT Attribute SS Ename Salary D D Dname Mgr Level Secret Unclassified Confidential Unclassified Unclassified Unclassified Confidential Status and Directions MLS DBMSs have been designed and developed for various kinds of database systems including object systems deductive systems and distributed systems Provides an approach to host secure applications Can use the principles to design privacy preserving database systems Challenge is to host emerging secure applications including semantic web technologies MLS XML MLS RDF etc Multilevel Semantic Web Technologies Take RDF as an example What so we classify